App protection policies - Microsoft Intune

Any one have experience with Outlook and Intune MAM policies (Workspace One UEM as the MDM). It does not seem to flag a business vs non-business account which is key for BYOD.

I wander also whether WS1’s own DLP settings etc are just as good, any feedback.



I ran into the same issue when I first configured iOS managed apps on Intune, follow this guide to add appConfig policy to identify the application as managed.

The following Key will need to be set for Outlook (and other related apps)

Third-party MDM provider Configuration Key Value Type Configuration Value
Microsoft Intune IntuneMAMUPN String {{UserPrincipalName}}
VMware AirWatch IntuneMAMUPN String {UserPrincipalName}
MobileIron IntuneMAMUPN String {userUPN} or {userEmailAddress}
Citrix Endpoint Management IntuneMAMUPN String ${user.userprincipalname}
ManageEngine Mobile Device Manager IntuneMAMUPN String %upn%

The alternative is to set your MAM policies to encapsulate all states, however you can not separate unmanaged form managed as all apps would then be treated as unmanaged.


Thanks Andrew. I came across that. I believe it’s still not correctly marking as corporate. I’ll check further…